Software Piracy At the Beijing Branch Office?

spirit_fingers writes "I'm the IT manager for a west coast design company that has a small branch office in Beijing with 5 employees, a few workstations and a couple of servers. Recently, it came to my attention that the Beijing office has been routinely installing and using pirated software on their computers — MS Office and Adobe Creative Suite, mostly. We're very buttoned up about being legal with our software here at the home office, and I consider it unprofessional and risky for our Beijing office to be engaging in this practice. When I called the local office manager on this, he shrugged and replied, 'Well, every other shop here does it.' So I was wondering if there are any IT manager Slashdotters here in the the US who may have experienced something similar with their colleagues in APAC, and how they handle a situation like this." Click the link for more of this reader's thoughts on the subject.
Up until now, the powers that be here in the States have had a relatively laissez faire attitude about what goes on at the Beijing office and our accounting department hadn't noticed that Beijing never submitted receipts for software, until I questioned them about it.

I have no doubt that "everyone else does it" in that environment. Frankly, I could care less what those guys do with their personal computers, but when it comes to company-owned gear my attitude is to stay legal no matter what anyone else is doing. And it's not like they need to do it to save money: the Beijing branch turns a tidy profit. It just seems to be an attitude so firmly ingrained in the culture over there that no one gives it a second thought.

My response (CC'd to our CFO) was to ask for copies of all receipts and serial numbers for the software they're using. and see what happens. This came down today, so I'll give them a day or two to come up with something.

He's Right

EVERYONE in China massively pirates all software.

Seriously, the company I work for has facilities in China and everything we don't specifically buy and install is pirated over there.

Re:He's Right

"Bollocks. Never seen it, or heard of it, except from software vendors trying to scare people."

Many people had never seen a banana a few hundred years ago. They still existed. I've been to Hong Kong, and I've been to China. World apart, literally worlds apart, my friend.

Re:He's Right

What you're saying is that if you can't afford something, it's OK to steal it.

No. Copyright violation is not theft.

Re:He's Right

[robthebloke]

nLite & vLite my friend. Not only can you remain legal, but you get a much better set of options that with your pirated CD. It can even do hands free installs so that next time someone has a problem, then can just re-do the whole thing themselves.....

Re:He's Right

[MrZaius]

This is about more than just pirated software. Depending on where the Beijing office got the software, it could be carrying a malware payload that handed over back doors to all of their computers. China is well known for using corporate (and other) espionage to further their political agenda. Hooking into company systems to exfiltrate any possibly valuable data is far too common.

Quite right. Given my druthers, the first and most important thing I'd do is strip them of any and all administrative rights and, most importantly, re-Ghost the boxes nightly or run them as thin clients. The security situation is so poor in-country that you shouldn't even consider letting the local staff manage their own stuff if we're talking about such a tiny little office. Five guys wouldn't warrant a separate sysadmin in the states, and it still doesn't abroad when you've seen malfeasance on this level and are operating in a country with a massive corporate espionage problem. Again I say, strip them of their rights.

Make sure you have a couple of spare, online, patched workstations ready to go for when one fails 'cause you don't want them to have to have local admin rights. Grab yourself an IP-KVM, too and make sure you have two ISPs running into the office, even if the second is just some dinky little 256kbps line. That'll give you the capability of having them jack a KVM-enabled computer into a switch or firewall for diagnostic purposes if one of the two networks goes down and you can't remote into those devices. Likewise, it'll give you the capability of taking a peak at a bad NIC prior to having them swap a workstation out for one of the spares. Having Ghost on the network or something like it would be useful at that time to allow you to replace the no-longer-spare equipment you've had to have them put into use.

If I could get approval to do so, I might also lock down their workstation's USB ports and optical media to the point of uselessness and drop a monitor-less *NIX box with good AV software somewhere in the office with a ton of USB ports and DVD-ROM drives to remotely scan and introduce anything they think they might need onto the network myself. This should, of course, also be paired with an HTTP proxy that blocks any sort of executable code beyond the stuff that's used to render a normal webpage from coming in. I'd then set up MAC address whitelisting on all networks, wired and wireless. This would be a PITA, but it would give you an extremely high level of control over the network there, going far beyond what you have now, and limiting any practical attack vectors to hardware based attacks (keyloggers) and viral attacks embedded in flash apps, PDFs, etc. I don't think I'd bother with this step back home, but it seems worth it in China. Of course, this carries with it some rather dramatic drawbacks if your "design" shop is doing software engineering, and probably shouldn't be considered. Seems perfectly reasonable if we're just talking about artists or a bunch of people running AutoCAD.

Protecting your proprietary knowledge is probably well worth the level of hassle you'd be subjecting everyone to, yourself included, by doing the above.

Re:He's Right

[cpct0]

EVERYONE in China massively pirates all software.

Seriously, the company I work for has facilities in China and everything we don't specifically buy and install is pirated over there.

I will have to agree with you. My friend has a company branch there, and at first, all computers came with all illegal software, although the invoices were saying it came with Windows, it was a pirated version that couldn't even software update (talk about a bad hack :) ).

My friend had to go to the store, ask for "real" Windows, he got told multiple times it was real, it's not a copy, no one here never sold any "official and legal" Windows. They finally agreed to (get this) order 5 copies, that took 2 weeks to receive, and finally he got his real Windows.

That's the tip of the iceberg. Untold hardware changes ("But I asked for this", "this is the same" or "this is better"), specific requests for legal versions getting preinstalled cracked versions, and so on.

You know what, we're frowning today at this practice, but in Windows 3.1 times, it was always like this in here too, and that's not too far away. When you purchased a computer, you seldom had any official version of your software. Everyone I knew had some Autocad version dangling around (why, I dunno!), and the hardware was (and sometimes still is) a black box of arcane things.

Re:He's Right

[hesiod]

Well, if anyone had mentioned anything about a keylogger, we might be inclined to believe you had some fucking clue what was going on. But since he was talking about patching windows before being compromised from the Internet, a firewall is exactly the right thing to bring up.

Re:Let the directors decide.

[p0tat03]

If you want something to happen, try reporting the situation to the Beijing branch manager, and CC a higher-up of appropriate stature at the home office.

Speaking as a Chinese, and having much dealings with my kind, I can say that Chinese people will shit a brick when it comes to potentially pissing off a higher-up in the States.

Revoke install privs?

[magarity]

It seems rather simple: just revoke their account privs for installing new software. I'm in China now and the piracy is not only rampant, the attitude is that only suckers pay. You'll have a near impossible task to try to enforce a no piracy rule by just asking nicely and for receipts. BTW, fake receipts are just as easy to get as pirated software so accepting those as proof will just get you fooled. The only way is to check product keys.

Re:Ya know what else you should ask for?

[RodgerDodger]

It snows in Australia. Some parts of Australia receive no snow, just like some parts of the US receive no snow. Some parts receive a lot. Those parts presumably like to stock up on snow shovels.

Re:Ya know what else you should ask for?

[zonky]

Tell that to all the http://en.wikipedia.org/wiki/List_of_ski_areas_and_resorts_in_Australia

It's not "PDF stuff"

[PCM2]

It's Adobe Creative Suite ... which includes stuff like Photoshop, Illustrator, and InDesign. You won't find free replacements for those. (And don't bother replying about the GIMP until it has proper CMYK support.)

Re:It's not "PDF stuff"

[MooUK]

It's related to the print method. A design company needs to know exactly what they will be printing, and their printers work on CMYK, not RGB like your screen (and therefore most programs). They therefore prefer to work with CMYK and are limited in their program choice.

Re:It's not "PDF stuff"

[Alex+Belits]

"GIMP has no CMYK support" is in the same category as "You will lose copyright on anything made with GPL software". It is constantly being repeated by Microsoft marketing people despite being obviously false.

Re:I'd go the other way, personally

Normally I would agree with you, but you do realize that the US has this gigantic trade deficit with China, don't you? Maybe you could be more clear about who is the rich and who is the poor guy here.

Re:See no evil, hear no evil, speak no evil

[B2382F29]

Reading slashdot from china at the moment I can verify it is definitely NOT banned. You might want to use another DNS server though (e.g. from OpenDNS) as the DNS requests tend to take longer if you use the DNS servers of the chinese providers.

Re:why do you care?

[daveime]

America != World.

In some developing countries, software piracy is not considered illegal. In Russia, which is not a signatory to the Berne Convention it is legal to copy any software as long as it is not in the Russian language.

So what strawman will you choose next I wonder ?

Seen it time and time again with Asian offices...

[Taelron]

I'm an I.T. consultant in Silicon Valley and several of my clients over the years have had manufacturing offices in Hong Kong and China.

I've had to deal with this situation more times than I care for in the last 10 years. Its a very big legal hassle for your company, and their are raids every few years. Not enough to scare the Asian work force into compliance, but its enough of a game of corporate Russian roulette that the risk just isn't worth it.

Not only are many of the Asian offices using pirated software, but are not running any antivirus software. I've routinely tracked down about 80% of all infections at my client offices to their e-mails with their overseas counterparts or from when they are traveling in Asia on business.

Also, much of the pirated versions of the software are riddled with trojans, spyware, and security holes galore. Allowing them to use that software further opens up your entire company up to a breach or leak of information.

I've also seen more than one company fold or nearly go under because one disgruntled person called in an anonymous tip that their current or former companies software was not legit.

In a corporate environment, getting the documentation and legal software is definitely the IT managers job, and an obvious C.Y.A. for anyone in the I.T. department and the company officers... Its those heads that will roll if the B.S.A. shows up with the authorities to audit you.

Re:why do you care?

[sw155kn1f3]

bullshit, it's illegal to copy any copyrighted software in russia.. the only question is will you get punished for doing this or not. this happens because copyright law can be enforced only by owner of such software registered within RU itself. so if say, adobe, has no representation in russian federation, then this just cannot be prosecuted by russian law (no intl treaties, correct, but this can and will change), because law clearly states that only copyright holder can protect their property.
IANAL, but this is how this works in RU.

They are they are a small shop

I am a Chinese programmer, not in Beijing, but in China anyway.

In China, most small business task the risk of using pirated software and being caught by MS,Adobe and etc.

Usually, big firms forbid employee using pirated software. They are afraid of letters from lawyers just like the American ones.

For example, they may use WPS instead of MS Office, use notepad++ instead of UltraEdit and so on.

Re:I'd go the other way, personally

[1u3hr]

Normally I would agree with you, but you do realize that the US has this gigantic trade deficit with China, don't you? Maybe you could be more clear about who is the rich and who is the poor guy here.

List of countries by GDP (PPP) per capita
China, People's Republic of: $5,325, rank: 100
United States: rank: $45,725, rank: 6

Clear enough?

Re:why do you care?

[seifried]

"In Russia, which is not a signatory to the Berne Convention"

Uhhhh. No. That is incorrect.

The Berne Convention also became effective for Russia on March 13, 1995.[51]

Contracting Parties > Berne Convention > Russian Federation > Details

Re:Let the directors decide.

No, what stinks is the, "Dear Slashdot, in Nazi Germany I caught my boss littering. I hear littering is a big problem in Nazi Germany. Oh my, what should I do to stop this problem of littering in Nazi Germany?" attitude.

Unless you have this irrational obsession with intellectual property (it's my idea, not yours! I thought of this string of bits first!), you might as well be writing an Ask Slashdot about how you noticed a group of your colleagues not giving the salute at the latest rally. I mean, it's company policy to give the salute, so all faithful employees should be saluting or they must lack some sort of pride in themselves and their technical work, right?

OP, you may not realise it, but your attitude demonstrates everything required of a footsoldier in an authoritarian state. Somewhere, there is a petty bureaucrat's desk at a Party regional office with your name on it, ready for you to engage in your mammoth task of checking compliance on all the most irrelevant of details.

I am in APAC. And we don't use pirate stuff.

[bronney]

The companies I worked for thru the years here in Hong Kong never install pirate stuff as we have great timely support from the US office whenever we need. The question I have for you is:

Why is your BJ branch installing pirated office and adobe? Don't you have license for those software and whether you provide them with a link to the US servers to download? If not, do you have a process where they can "order" software from you, or have the budget to buy the software in mainland?

The ultimate question, which I suspect is why they do it, is, are they pirating photoshop because your US office is too cheap to get them what's good, and forces them to use MS paint to crop silly pictures?

This happens in a lot of places, 1 or 2 computers in a company has Acrobat, all the other ones uses Acrobat reader. Those 2 computers go on vacation, some dude needs to change some text in a PDF and notice the reader can't do it. They ended up pirating Acrobat.

Provide everyone with the software they need to get the job done. Educate them to ASK you for them if they need it but don't have it. And if you don't have it, won't buy it in time, and don't care, then just shut up (I am sorry for the bluntness). If the BJ office has access to your legit software, they won't pirate it.

Re:I'd go the other way, personally

[fork_daemon]

Yes. As an example. In Mumbai, India there is a place to buy Brand New Original Computer Hardware for cheap. These are called grey markets. I once bought a Seagate Harddrive for INR 3000/- The Price tag on the Disk read, INR 8000/- Now they are many people who have made enough profits before selling that disk to me.

But in US and Europe, people usually end up paying the Final Price. Ofcourse, it includes Shipping costs,but still you do get it with huge profits in the pockets of the American Corporates.

For people from this side of the globe a small profit is a big thing. But the equivalent profit in First world countries ends up being negligible.

Taught computers at a U. in China for year

[cenc]

Even the "authentic" software is often pirated in China. I mean with laser stickers sold by the largest brand name stores in China. Even if you wanted to, you might have trouble finding real software.

In my year in China, I seen thousands of computers and not single one had a real copy of windows on it. Even the computer provide to me by my Chinese government handlers for my work had a hot copy.

I promptly installed my own copy of linux. No windows machine in that environment can withstand the volume of malware attacks from every direction. There are virus in the wild in China that simply have not made it in to the virus software yet.

By the way, there are no copies of anti-virus software for sale on the streets either. In over a year, I never seen one single copy, and Chinese I talked to about it think they are silly.

So, switch to linux or live with it. Copying others is a tradition that goes back thousands of years, and it is not going to change simply by the central government outlawing. All property is public property in China.

Copyright infringement not criminal?

[SirGarlon]

It's not a good analogy as homicide is a criminal offense and software piracy a civil offense.

You must not have watched a DVD lately: "Criminal copyright infringement is investigated by the FBI and carries penalties of [insert long prison sentence] or [insert whopping monetary fine], or both." There's also the international warning that Interpol will hunt you down if you live overseas.

I'd agree with you that copyright infringement should be a civil matter, but it's also a criminal offense in most countries, thanks to the lobbying efforts of the MPAA, RIAA, and related racketeer^H^H^H^H^H^H industry groups.

Re:Let the directors decide.

[Threni]

> It's not a good analogy as homicide is a criminal offense and software piracy a civil offense.

Depends where you are. In the UK, as well as loads of other countries, copyright infringement is a criminal offence.

Re:I'd go the other way, personally

* When
* your
* savings
* You'll
* won't
* fast cars, loose women and gambling
* memories

Re:Don't Stick Your Neck Out, But CYA & Pass t

[HikingStick]

As another IT manager, I know it's my can in a sling if the license status of the software is questioned and found to be illegal or unauthorized under my watch. It's not only my reputation on the line, but my company's reputation. When I took a stand on a recent plan proposed by one of our consultants, I knew that I was putting my neck out, but I was not going to let my name be listed as a supporter and implementor of a solution that would clearly violate our contract with a service provider. [The consultant wanted us to purchase a limited number of licenses for an online SaaS solution and then share the logon information with everyone in the company when the contract states in plain English that user accounts are intened for individual users and may not be shared.]

I know many of you may shudder at the thought that a company continues to use M$ products, but that decision was already made in this case. Being an American company, comliance with licensing terms is something to which the company may well be held accountable. I think the best advice I've seen here is for this manager to document his concerns, communicate them up and down the tree, and then decide if he is comfortable working in the environment if management continues to overlook the issue.

In my situation, I expressed my concerns about the company's reputation and legal liability issues to my upline, and I offered to walk (while making it clear that staying was my preference) if my stance was incompatible with the company's views on licensing and contract law. Two weeks later, we purchased the additional licenses, and I still have a job.

Re:He's Not Right

"Pirated software doesn't inherently increase the developer's costs directly, but it decreases their return on investment, which is very similar."

That is one of the fallacies of software piracy.

That is only true if the pirate would have bought the software otherwise. If they would not have bought the software, then the developer loses nothing (they don't even lose in service/support, because they won't service/support pirated software, so there is no loss there either.)

You've been to Asia, right?

[rwa2]

Walk into a mall and there are no "legit" software stores. You still buy your software, there are stands and small storefronts all over the place filled with shiny boxes and jewel cases.

Short term solution is just buy legit copies of what they have installed and send it to them, so at least they have the licenses and CDkeys available, might help you get some leniency if the BSA or someone decides to come down on you. And then work to clean up the mess and get them aligned with IT / accounting standards.

As far as the cultural aspects, they will never understand... it is much more convenient to install and run things through the "pirate" distribution channels, which have usually cleaned out the annoyances of product activation and click-through EULAs and all that other crap that US software companies subject us to. Also they wouldn't stand for software with half of the additional-cost features locked out, even if they are features they'd never use.

On the other hand, this mentality makes them particularly amenable to adapting open source software, since they tend to be technically proficient enough to learn new ways of doing things, and really appreciate and expect not to have to deal with licensing hurdles and DRM. All you have really need to do is convince them that the open source software is technologically superior, which in most cases isn't too terribly difficult.